Ginni Rometty, IBM’s chairman, president and CEO, has added Marc van Zadelhoff to her executive team as general manager of IBM Security. Brendan Hannigan, who has been the GM for the past four years, is reportedly stepping down to spend more time with his family.
Van Zadelhoff (pictured), who previously served as vice president of strategy and product management for security at IBM, will step into his new role early next year, according to news reports.
We caught up with Rob Enderle, principal analyst at the Enderle Group, to get his thoughts on the personnel shift. He told us for a company like IBM in a world that is feeling less and less secure this formidable security capability is potentially a huge competitive advantage. Van Zadelhoff’s promotion is as much about appearing prudent as it is about being secure, he said.
“Most smart CIOs know that absolute security isn’t possible and often they aren’t even funded to provide adequate security,” Enderle said. “But if they can show they used a company like IBM and are breached they at least don’t look negligent and that could save their jobs should there be a breach.”
The Threat Landscape
Rometty seems to have a clear view of how vital security is in an age where hacks, malware and other cybersecurity issues hit the news almost every week.
According to Symantec, 2014 was a record-setting year for zero-day vulnerabilities. That’s not good news, but what’s worse is that it took software companies an average of 59 days to create and roll out patches -- up from only four days in 2013, Symantec noted. Attackers jumped on the opportunity to exploit vulnerabilities.
The Heartbleed bug of 2014 was a prime example and some estimates projected costs to companies from the vulnerability in the millions. Heartbleed impacted most of the Internet, giving hackers access to user passwords as well as enabling them to trick people into using fake versions of popular Web sites.
There was also an 8 percent increase in highly-targeted spear-phishing attacks in 2014. What made last year particularly interesting was the precision of these attacks, which used 20 percent fewer e-mails to successfully reach their targets and incorporated more drive-by malware downloads and other Web-based exploits, Symantec noted.
What Van Zadelhoff Brings
Rometty seems to understand the threat landscape, which is most likely one reason IBM Security has been making strategic acquisitions -- 15 in the past 10 years -- and has grown to a $1.5 billion business. According to market research firm Gartner, IBM is the world’s largest security vendor that sells to enterprises only.
“IBM is pretty effective at selling the concept of security and helping free up funds to address the problem more effectively so you also get the added benefit of potentially avoiding the breach in the first place,” Enderle said. “The combination of job protection and actually being more secure in an increasingly frightening world is a powerful path to revenue for IBM.”
As for van Zadelhoff, he has nearly 20 years of experience in strategy, venture capital, business development and marketing in the IT and security space. In his previous role at IBM, he oversaw the worldwide product management, budget and positioning for the company’s entire software portfolio.
Van Zadelhoff also appears to understand the ins and outs of the company, having worked in leadership roles in product management, marketing, M&A and software and services. He came to IBM through the 2006 acquisition of Consul Risk Management, where he served as vice president of marketing and business development. Before that, he was in the IT venture capital and strategy consulting business.